Below are snapshots of recent global updates courtesy of Nymity Research.
GDPR: CNIL Approves its First EU Cloud Code of Conduct
The Code fulfills the requirements set out in the GDPR, including that it facilitates effective application of the GDPR (i.e., concrete examples bring real added value to members in their approach to accountability), identifies the CNIL as the competent supervisory authority, and provides mechanisms for oversight (including several bodies responsible for monitoring and a matrix of coercive measures to be implemented by such bodies). Read more here.
COVID-19: Privacy and Access Rights Remain Crucial During a Pandemic
The OPC and provincial and territorial commissioners urge institutions to uphold the right of access to information during the pandemic (include measures for processing access requests in business continuity plans); public and private entities must respect data minimization and use limitation, and use de-identified or aggregate-level data whenever possible when informing the public on safety decisions and measures. Read more here.
Legislation: Massachusetts Reintroduces Student Data Privacy
If passed, operators of a site, service or application may not engage in targeted advertising based on information acquired through the use of their services for K-12 purposes (e.g., services that aid in administration of school activities), and they must establish contracts where covered information is shared with, sold or accessed by a third party (includes cloud based services and digital software); aggrieved students or educational entities may institute civil actions up $10,000 or $1,000 depending on the alleged violation. Read more here.
Legislation: Zambia Enacts Comprehensive Data Protection Act
Effective April 1, 2021, obligations include to appoint a DPO, register personal data processing with the DPC, maintain records of processing activities, comply with data subjects’ rights (e.g., access, rectification, erasure, data portability) conduct a DPIA for high risk processing (e.g., systemic profiling or processing sensitive data on a large scale), store personal and sensitive data within Zambia, and notify a data breach within 24 hours; penalties for violations can reach up to 2% of annual turnover and imprisonment up to 10 years. Read more here.
Stay informed with daily comprehensive regulatory updates using Nymity Research. Minimize the need for time consuming searches for accurate analysis with easy to understand alerts on the latest privacy laws. Start a free trial today.